maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

[analyzer] Fix use-after-free in HandleTranslationUnit. 

A patch by Dmitri Gribenko!

The attached patch fixes a use-after-free in AnalysisConsumer::HandleTranslationUnit.  The problem is that
BugReporter's destructor runs after AnalysisManager has been already
deleted.  The fix introduces a scope to force correct destruction
order.

A crash happens only when reports have been added in AnalysisConsumer::HandleTranslationUnit's BugReporter. We don't have such checkers in clang so no test.

llvm-svn: 147732
This commit is contained in:
Anna Zaks 2012-01-07 16:49:46 +00:00
parent 912ae8a33c
commit 17f57b0a00
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp
View File

@ -236,13 +236,16 @@ void AnalysisConsumer::HandleDeclContextDecl(ASTContext &C, Decl *D) {
}
void AnalysisConsumer::HandleTranslationUnit(ASTContext &C) {
BugReporter BR(*Mgr);
TranslationUnitDecl *TU = C.getTranslationUnitDecl();
checkerMgr->runCheckersOnASTDecl(TU, *Mgr, BR);
HandleDeclContext(C, TU);
{
// Introduce a scope to destroy BR before Mgr.
BugReporter BR(*Mgr);
TranslationUnitDecl *TU = C.getTranslationUnitDecl();
checkerMgr->runCheckersOnASTDecl(TU, *Mgr, BR);
HandleDeclContext(C, TU);
// After all decls handled, run checkers on the entire TranslationUnit.
checkerMgr->runCheckersOnEndOfTranslationUnit(TU, *Mgr, BR);
// After all decls handled, run checkers on the entire TranslationUnit.
checkerMgr->runCheckersOnEndOfTranslationUnit(TU, *Mgr, BR);
}
// Explicitly destroy the PathDiagnosticConsumer. This will flush its output.
// FIXME: This should be replaced with something that doesn't rely on